Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
5.2.4
-
None
Description
All the XSS Vulnerabiliy (described here : https://issues.apache.org/jira/browse/TAP5-1057) is not solved.
When we use a Software like Paros, we can change the value of Ajax Request parameters.
We can run javascript code.
I did a patch this morning. I just added the escapeHTML function in both of the errorHandler methods.
Emmanuel